
Add option for administrator to reset user 2FA #14243

Merged
merged 7 commits into from
Jan 5, 2021

Conversation

@6543 6543 (Member) commented Jan 4, 2021

By checking the "Reset 2FA" checkbox, the 2FA is reset if it exists ...

@6543 6543 modified the milestones: 1.13.2, 1.14.0 Jan 4, 2021
@6543 6543 added the type/enhancement An improvement of existing functionality label Jan 4, 2021
@lafriks lafriks changed the title Admin Pannel: be able to reset 2fa Add option for administrator to reset user 2FA Jan 4, 2021
@CirnoT CirnoT (Contributor) commented Jan 4, 2021

I don't think this removes U2F registrations, leaving 2FA in a rather inconsistent state where U2F tokens are registered but 2FA itself is disabled.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jan 4, 2021
@6543 6543 (Member, Author) commented Jan 4, 2021

@CirnoT this is the way it is done ... :

```go
package setting

import (
	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/setting"
)

// DisableTwoFactor deletes the user's 2FA settings.
func DisableTwoFactor(ctx *context.Context) {
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true

	t, err := models.GetTwoFactorByUID(ctx.User.ID)
	if err != nil {
		if models.IsErrTwoFactorNotEnrolled(err) {
			// Not enrolled: flash the message and stop here, so the redirect
			// is not followed by a ServerError on the same response.
			ctx.Flash.Error(ctx.Tr("settings.twofa_not_enrolled"))
			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
			return
		}
		ctx.ServerError("SettingsTwoFactor: Failed to GetTwoFactorByUID", err)
		return
	}

	if err = models.DeleteTwoFactorByID(t.ID, ctx.User.ID); err != nil {
		if models.IsErrTwoFactorNotEnrolled(err) {
			// There is a potential DB race here - we must have been disabled by
			// another request in the intervening period; treat that as success.
			ctx.Flash.Success(ctx.Tr("settings.twofa_disabled"))
			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
			return
		}
		ctx.ServerError("SettingsTwoFactor: Failed to DeleteTwoFactorByID", err)
		return
	}

	ctx.Flash.Success(ctx.Tr("settings.twofa_disabled"))
	ctx.Redirect(setting.AppSubURL + "/user/settings/security")
}
```

For the admin panel, this is just simplified, as it doesn't need to be that verbose there (fail or succeed and move forward with other changes).

@CirnoT CirnoT (Contributor) commented Jan 4, 2021

I still really think U2F registrations should be removed when 2FA is disabled administratively.

On the other hand, maybe they can be also used for other things later on. Won't block because of that.

@6543 6543 (Member, Author) commented Jan 4, 2021

@CirnoT done -> 42e7d84
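The inconsistency CirnoT raises above (U2F tokens still registered after the TOTP record is deleted) and the administrative reset that clears both, as an added example. This is not Gitea's code: it uses a hypothetical in-memory `Store` with two maps standing in for the TwoFactor and U2FRegistration tables, and the type and function names (`DisableTOTPOnly`, `AdminResetTwoFactor`, `Consistent`) are assumptions made for this example. The sample secret and key handles are constructed.

```go
package main

// Added example, not Gitea code. A hypothetical in-memory store stands in for
// the TwoFactor (TOTP) and U2FRegistration tables; all names are assumptions.

import (
	"errors"
	"fmt"
	"sync"
)

// ErrTwoFactorNotEnrolled mirrors the "not enrolled" condition that the
// user-facing handler distinguishes from a real failure.
var ErrTwoFactorNotEnrolled = errors.New("twofa: user is not enrolled")

// TwoFactor is the TOTP enrollment record (one per user).
type TwoFactor struct {
	UserID int64
	Secret string
}

// U2FRegistration is one registered security key.
type U2FRegistration struct {
	UserID    int64
	Name      string
	KeyHandle []byte
}

// Store keeps both tables behind one lock so a reset touches them atomically.
type Store struct {
	mu   sync.Mutex
	totp map[int64]*TwoFactor
	u2f  map[int64][]U2FRegistration
}

func NewStore() *Store {
	return &Store{totp: map[int64]*TwoFactor{}, u2f: map[int64][]U2FRegistration{}}
}

func (s *Store) EnrollTOTP(uid int64, secret string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.totp[uid] = &TwoFactor{UserID: uid, Secret: secret}
}

func (s *Store) RegisterU2F(uid int64, name string, keyHandle []byte) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.u2f[uid] = append(s.u2f[uid], U2FRegistration{UserID: uid, Name: name, KeyHandle: keyHandle})
}

// DisableTOTPOnly removes only the TOTP row and reports ErrTwoFactorNotEnrolled
// if there was none. It deliberately leaves U2F registrations behind, which is
// the inconsistent state discussed in the thread.
func (s *Store) DisableTOTPOnly(uid int64) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.totp[uid]; !ok {
		return ErrTwoFactorNotEnrolled
	}
	delete(s.totp, uid)
	return nil
}

// AdminResetTwoFactor removes the TOTP row and every U2F registration in one
// critical section and returns how many records were removed. It is
// idempotent: resetting a user with nothing enrolled (or one already reset by
// a concurrent request) removes zero records and is not an error, matching the
// "fail or succeed and move forward" simplification for the admin panel.
func (s *Store) AdminResetTwoFactor(uid int64) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	removed := 0
	if _, ok := s.totp[uid]; ok {
		delete(s.totp, uid)
		removed++
	}
	removed += len(s.u2f[uid])
	delete(s.u2f, uid)
	return removed
}

// Consistent reports whether the user's 2FA state is coherent: U2F
// registrations may only exist while TOTP is enrolled.
func (s *Store) Consistent(uid int64) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	_, hasTOTP := s.totp[uid]
	return hasTOTP || len(s.u2f[uid]) == 0
}

func main() {
	s := NewStore()
	s.EnrollTOTP(42, "JBSWY3DPEHPK3PXP") // constructed sample secret
	s.RegisterU2F(42, "yubikey", []byte{0x01, 0x02})
	s.RegisterU2F(42, "backup-key", []byte{0x03, 0x04})

	_ = s.DisableTOTPOnly(42)
	fmt.Println("consistent after TOTP-only disable:", s.Consistent(42))

	n := s.AdminResetTwoFactor(42)
	fmt.Println("records removed by admin reset:", n, "consistent:", s.Consistent(42))
}
```

The point of holding one lock across both deletions is that a reset is either complete or not started; a user-facing disable that only removes the TOTP row passes `Consistent` as false, while the administrative reset leaves nothing registered and can be repeated safely.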

@codecov-io commented

Codecov Report

Merging #14243 (42e7d84) into master (8db0372) will decrease coverage by 0.00%.
The diff coverage is 26.66%.


@@            Coverage Diff             @@
##           master   #14243      +/-   ##
==========================================
- Coverage   41.97%   41.96%   -0.01%     
==========================================
  Files         735      735              
  Lines       78933    78948      +15     
==========================================
+ Hits        33130    33132       +2     
- Misses      40347    40358      +11     
- Partials     5456     5458       +2     
Impacted Files Coverage Δ
modules/auth/admin.go 0.00% <ø> (ø)
routers/admin/users.go 27.77% <26.66%> (-0.08%) ⬇️
modules/indexer/stats/db.go 48.00% <0.00%> (-12.00%) ⬇️
modules/git/repo_commit_nogogit.go 63.33% <0.00%> (-1.67%) ⬇️
services/pull/pull.go 42.28% <0.00%> (-0.50%) ⬇️
modules/log/event.go 59.90% <0.00%> (+0.94%) ⬆️
modules/log/file.go 75.20% <0.00%> (+1.60%) ⬆️


@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jan 5, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 5, 2021
@6543 6543 (Member, Author) commented Jan 5, 2021

🚀

@6543 6543 merged commit 325add7 into go-gitea:master Jan 5, 2021
@6543 6543 deleted the admin-pannel_reset-2fa branch January 5, 2021 13:54
@go-gitea go-gitea locked and limited conversation to collaborators Feb 11, 2021
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality